|
|
| Line 1: |
Line 1: |
| − | =Disk Disposal and Data Recovery=
| + | {{expand}} |
| − | * [http://www.deepspar.com/pdf/DeepSparDiskImagingWhitepaper3.pdf Disk Imaging: A Vital Step in Data Recovery], DeepSpar Data Recovery Systems, November 2006. An in depth look at the many issues that cause data loss / irretrievable data in the data recovery imaging process and how to overcome them.
| + | |
| − | * [http://www.actionfront.com/ts_whitepaper.asp Drive-Independent Data Recovery: The Current State-of-the-Art], ActionFront Data Recovery Labs, August 2005.
| + | |
| − | * [[Recovering Overwritten Data#The Gutmann Paper|Secure Deletion of Data from Magnetic and Solid-State Memory]], Peter Gutmann, Proceedings of the Sixth Usenix Security Symposium, 1996. [http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html]
| + | |
| − | * [http://www-03.ibm.com/financing/pdf/us/recovery/igf4-a032.pdf Hard Drive Disposal: The Overlooked Confidentiality Exposure], FInancial Perspectives, IBM White Paper, November 2003.
| + | |
| | | | |
| − | =Evidence Gathering= | + | {{Infobox_Software | |
| | + | name = grml | |
| | + | maintainer = [[grml team]] | |
| | + | os = {{Linux}} | |
| | + | genre = {{Live CD}} | |
| | + | license = {{GPL}}, others | |
| | + | website = [http://grml.org/ grml.org/] | |
| | + | }} |
| | | | |
| − | * [http://utdallas.edu/~sxs018540/index/docs/byteprints_itcc05.pdf Byteprints: A Tool to Gather Digital Evidence], Sriranjani Sitaraman, Srinivasan Krishnamurthy and S. Venkatesan, Proceedings of the International Conference on Information Technology (ITCC 2005), Las Vegas, Nevada, USA, April 4 - 6, 2005
| + | '''grml''' is a forensic [[Live CD]] based on [[Debian]]. |
| | | | |
| − | =Fake Information= | + | == Overview == |
| | | | |
| − | * [https://analysis.mitre.org/proceedings/Final_Papers_Files/84_Camera_Ready_Paper.pdf Automatic Detection of Fake File Systems], Neil C. Rowe, International Conference on Intelligence Analysis Methods and Tools, McLean, Virginia, May 2005.
| + | grml enables write blocking during early stage of boot process. |
| | | | |
| − | =Feature Extraction and Data Fusion= | + | == External Links == |
| − | Computer Location Determination Through Geoparsing and Geocoding of
| + | * [http://grml.org/ Project site] |
| − | Extracted Features
| + | |
| − | http://www2.chadsteel.com:8080/Publications/drive_location2.doc
| + | |
| − | | + | |
| − | | + | |
| − | =File Carving= | + | |
| − | | + | |
| − | * [http://citeseer.ist.psu.edu/shanmugasundaram03automatic.html Automatic Reassembly of Document Fragments via Context Based Statistical Models], Kulesh Shanmugasundaram and Nasir Memon. | + | |
| − | | + | |
| − | | + | |
| − | =Signed Evidence=
| + | |
| − | <bibtex>
| + | |
| − | @article{duerr-2004,
| + | |
| − | title="Information Assurance Applied to Authentication of Digital Evidence",
| + | |
| − | author="Thomas E. Duerr and Nicholas D. Beser and Gregory P. Staisiunas",
| + | |
| − | year=2004,
| + | |
| − | journal="Forensic Science Communications",
| + | |
| − | volume=6,
| + | |
| − | number=4,
| + | |
| − | url="http://www.fbi.gov/hq/lab/fsc/backissu/oct2004/research/2004_10_research01.htm"
| + | |
| − | }
| + | |
| − | </bibtex>
| + | |
| − | | + | |
| − | | + | |
| − | <bibtex>
| + | |
| − | @article{OppligerR03,
| + | |
| − | author = {Rolf Oppliger and Ruedi Rytz},
| + | |
| − | title = {Digital Evidence: Dream and Reality},
| + | |
| − | journal = {IEEE Security {\&} Privacy},
| + | |
| − | volume = {1},
| + | |
| − | number = {5},
| + | |
| − | year = {2003},
| + | |
| − | pages = {44-48},
| + | |
| − | url = {http://doi.ieeecomputersociety.org/10.1109/MSECP.2003.1236234},
| + | |
| − | abstract="Digital evidence is inherently weak. New evidence-gathering technologies-digital black boxes-must be developed and deployed to support investigations of irreproducible events such as digitally signing a document."
| + | |
| − | }
| + | |
| − | </bibtex>
| + | |
| − | =Other Papers=
| + | |
| − | | + | |
| − | * [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=531782 A Model for When Disclosure Helps Security: What is Different About Computer and Network Security?], Peter P. Swire, Moritz College of Law of the Ohio State University, Journal on Telecommunications and High Technology Law, Vol. 2, 2004.
| + | |
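Review bot: The added Overview line, "grml enables write blocking during early stage of boot process", is the only technical claim in the new text, and it does not say how the write blocking is enabled, which devices it covers, or how a reader can confirm it took effect. For a page describing a forensic Live CD, suggest expanding that sentence with the mechanism and a source for it, since the {{expand}} tag alone leaves the claim unsupported. Separately, the removed side of this diff is a bibliography (Disk Disposal and Data Recovery, Evidence Gathering, File Carving, Signed Evidence and others) that shares no lines with the grml article, so it is worth confirming that the comparison is between the intended two revisions and that the reference list still exists elsewhere.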
grml enables write blocking during an early stage of the boot process.